I have an strange issue with ldap passwd sync = only on FreeBSD 6.1 with Samba 3.0.25a + OpenLDAP 2.3.37 I have the OpenLDAP smbk5pwd overlay which successfuly synchronizes LM and NT passwords: $ ldappasswd -D 'cn=sambamgr,ou=managers,o=stars' -w sambapass -s secret1 'uid=lacoste,ou=Users,ou=Accounts,o=stars' Result: Success (0) My OpenLDAP auditlog file confirms that smbk5pwd is working: # modify 1187006837 o=stars cn=sambamgr,ou=Managers,o=stars dn: uid=lacoste,ou=Users,ou=Accounts,o=stars changetype: modify replace: userPassword userPassword:: e1NTSEF9UFZSZk1zcTNoRlFuYWhGMzRWN1BZWE5BU3U0MHNVTWo- replace: sambaPwdMustChange sambaPwdMustChange: 1218542837 - replace: sambaPwdLastSet sambaPwdLastSet: 1187006837 - replace: sambaLMPassword sambaLMPassword: 8d16f4badd1da493aad3b435b51404ee - replace: sambaNTPassword sambaNTPassword: b39a61f16a4e11fa80580241f1d4aae8 - replace: pwdChangedTime pwdChangedTime: 20070813120717Z - replace: entryCSN entryCSN: 20070813120717Z#000000#00#000000 - replace: modifiersName modifiersName: cn=sambamgr,ou=Managers,o=stars - replace: modifyTimestamp modifyTimestamp: 20070813120717Z - # end replace 1187006837 Here's the auditlog when I modify the password under Windows XP with ldap passwd sync = yes. Note that as expected there are two modifications: - one for the LM and NT passwords - and one for the userPassword which triggers another "change" of the LM and NT passwords. # modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars dn: uid=lacoste,ou=Users,ou=Accounts,o=stars changetype: modify delete: sambaLMPassword sambaLMPassword: 8d16f4badd1da493aad3b435b51404ee - add: sambaLMPassword sambaLMPassword: 485B60ABDAF3DCBEAAD3B435B51404EE - delete: sambaNTPassword sambaNTPassword: b39a61f16a4e11fa80580241f1d4aae8 - add: sambaNTPassword sambaNTPassword: C2CC78BA8B1DF908F563858B3095C7C7 - delete: sambaPwdLastSet sambaPwdLastSet: 1187006837 - add: sambaPwdLastSet sambaPwdLastSet: 1187007048 - replace: entryCSN entryCSN: 20070813121048Z#000000#00#000000 - replace: modifiersName modifiersName: cn=sambamgr,ou=Managers,o=stars - replace: modifyTimestamp modifyTimestamp: 20070813121048Z - # end replace 1187007048 # modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars dn: uid=lacoste,ou=Users,ou=Accounts,o=stars changetype: modify replace: userPassword userPassword:: e1NTSEF9YmVKTHNIOFVaK3pkNDJ4WGhHTUdtcVk2QjZiMWVzR1Q- replace: sambaPwdMustChange sambaPwdMustChange: 1218543048 - replace: sambaPwdLastSet sambaPwdLastSet: 1187007048 - replace: sambaLMPassword sambaLMPassword: 485b60abdaf3dcbeaad3b435b51404ee - replace: sambaNTPassword sambaNTPassword: c2cc78ba8b1df908f563858b3095c7c7 - replace: pwdChangedTime pwdChangedTime: 20070813121048Z - replace: entryCSN entryCSN: 20070813121048Z#000001#00#000000 - replace: modifiersName modifiersName: cn=sambamgr,ou=Managers,o=stars - replace: modifyTimestamp modifyTimestamp: 20070813121048Z - # end replace 1187007048 To avoid the double change of LM and NT passwords I set ldap passwd sync = only in my smb.conf but when I change the password from XP none of the passwords is changed even though XP reports success. This works like a charm with Samba 3.0.22 + OpenLDAP 2.3.24 under FreeBSD 6.1. Any help to troubleshoot the problem would be appreciated. Regards, Thierry.